CVE-2014-3585
The CVE-2014-3585 entry concerns the Red Hat redhat-upgrade-tool, which does not verify GPG signatures when upgrading versions. This is described as enabling potential forgery or MitM-style abuse, with mitigations discussed in multiple sources. The impact is characterized as high (critical/remote...